/// <summary>
/// Applies the content-related security headers for the current request:
/// X-XSS-Protection, Content-Security-Policy and the no-cache headers.
/// </summary>
/// <param name="context">The HTTP context; its NWebsec context is passed to every setter.</param>
internal void SetContentRelatedHeadersFromConfig(HttpContextBase context)
{
    var config = context.GetNWebsecContext();

    // NOTE(review): most current browsers no longer implement the XSS filter that
    // X-XSS-Protection controls, so the CSP set below is the header that still has effect.
    SetXXssProtectionHeader(context, config);

    // SetCspHeaders runs with false first, then true. The flag is presumably
    // reportOnly (as in GetCspConfiguration) - confirm against SetCspHeaders.
    foreach (var flag in new[] { false, true })
    {
        SetCspHeaders(context, config, flag);
    }

    SetNoCacheHeadersFromConfig(context, config);
}
/// <summary>
/// Resolves the report-only CSP configuration for a request.
/// </summary>
/// <remarks>
/// Precedence is all-or-nothing for this setting: a non-null value on the NWebsec OWIN
/// context is returned as is, and the NWebsec context's value is used only when the OWIN
/// context or its <c>CspReportOnly</c> is null. The two are never merged.
/// </remarks>
/// <param name="context">The HTTP context to read both NWebsec contexts from.</param>
/// <returns>The OWIN-level configuration when present, otherwise the NWebsec context's.</returns>
private ICspConfiguration GetCspReportonlyConfiguration(HttpContextBase context)
{
    var owin = context.GetNWebsecOwinContext();

    // No OWIN context, or nothing configured there: fall back to the NWebsec context.
    if (owin == null || owin.CspReportOnly == null)
    {
        return context.GetNWebsecContext().CspReportOnly;
    }

    return owin.CspReportOnly;
}
/// <summary>
/// Resolves the X-XSS-Protection configuration for a request.
/// </summary>
/// <remarks>
/// A non-null value on the NWebsec OWIN context replaces the NWebsec context's value
/// entirely. The fallback is used only when the OWIN context or its
/// <c>XXssProtection</c> is null.
/// </remarks>
/// <param name="context">The HTTP context to read both NWebsec contexts from.</param>
/// <returns>The OWIN-level configuration when present, otherwise the NWebsec context's.</returns>
public IXXssProtectionConfiguration GetXXssProtectionConfiguration(HttpContextBase context)
{
    var owin = context.GetNWebsecOwinContext();

    // No OWIN context, or nothing configured there: fall back to the NWebsec context.
    if (owin == null || owin.XXssProtection == null)
    {
        return context.GetNWebsecContext().XXssProtection;
    }

    return owin.XXssProtection;
}
/// <summary>
/// Resolves the X-Download-Options configuration for a request.
/// </summary>
/// <remarks>
/// A non-null value on the NWebsec OWIN context replaces the NWebsec context's value
/// entirely. The fallback is used only when the OWIN context or its
/// <c>XDownloadOptions</c> is null.
/// </remarks>
/// <param name="context">The HTTP context to read both NWebsec contexts from.</param>
/// <returns>The OWIN-level configuration when present, otherwise the NWebsec context's.</returns>
public ISimpleBooleanConfiguration GetXDownloadOptionsConfiguration(HttpContextBase context)
{
    var owin = context.GetNWebsecOwinContext();

    // No OWIN context, or nothing configured there: fall back to the NWebsec context.
    if (owin == null || owin.XDownloadOptions == null)
    {
        return context.GetNWebsecContext().XDownloadOptions;
    }

    return owin.XDownloadOptions;
}
/// <summary>
/// Resolves the X-Frame-Options configuration for a request.
/// </summary>
/// <remarks>
/// A non-null value on the NWebsec OWIN context replaces the NWebsec context's value
/// entirely. The fallback is used only when the OWIN context or its
/// <c>XFrameOptions</c> is null.
/// </remarks>
/// <param name="context">The HTTP context to read both NWebsec contexts from.</param>
/// <returns>The OWIN-level configuration when present, otherwise the NWebsec context's.</returns>
public IXFrameOptionsConfiguration GetXFrameOptionsConfiguration(HttpContextBase context)
{
    var owin = context.GetNWebsecOwinContext();

    // No OWIN context, or nothing configured there: fall back to the NWebsec context.
    if (owin == null || owin.XFrameOptions == null)
    {
        return context.GetNWebsecContext().XFrameOptions;
    }

    return owin.XFrameOptions;
}
/// <summary>
/// Resolves the X-Robots-Tag configuration for a request.
/// </summary>
/// <remarks>
/// A non-null value on the NWebsec OWIN context replaces the NWebsec context's value
/// entirely. The fallback is used only when the OWIN context or its
/// <c>XRobotsTag</c> is null.
/// </remarks>
/// <param name="context">The HTTP context to read both NWebsec contexts from.</param>
/// <returns>The OWIN-level configuration when present, otherwise the NWebsec context's.</returns>
public IXRobotsTagConfiguration GetXRobotsTagConfiguration(HttpContextBase context)
{
    var owin = context.GetNWebsecOwinContext();

    // No OWIN context, or nothing configured there: fall back to the NWebsec context.
    if (owin == null || owin.XRobotsTag == null)
    {
        return context.GetNWebsecContext().XRobotsTag;
    }

    return owin.XRobotsTag;
}
/// <summary>
/// Applies the site-wide security headers to the response: HSTS, HPKP, X-Robots-Tag,
/// X-Frame-Options, X-Content-Type-Options and X-Download-Options.
/// </summary>
/// <param name="context">The HTTP context supplying the request, the response and the NWebsec context.</param>
internal void SetSitewideHeadersFromConfig(HttpContextBase context)
{
    var config = context.GetNWebsecContext();
    var response = context.Response;
    var request = context.Request;

    // The transport-security setters receive the request's IsSecureConnection flag.
    // NOTE(review): presumably they emit only when it is true. Behind a TLS-terminating
    // proxy the flag can be false for requests that were HTTPS at the edge - verify
    // that HSTS still reaches clients in that deployment.
    var isHttps = request.IsSecureConnection;

    SetHstsHeader(response, isHttps, _cspUpgradeRequestHelper.UaSupportsUpgradeInsecureRequests(request));

    // Called with false, then true; the flag is presumably reportOnly - confirm against SetHpkpHeader.
    // NOTE(review): HTTP Public Key Pinning is no longer honoured by current major
    // browsers, so these headers should not be counted on as a control.
    SetHpkpHeader(response, isHttps, false);
    SetHpkpHeader(response, isHttps, true);

    // The remaining headers are driven by the NWebsec context only.
    SetXRobotsTagHeader(response, config);
    SetXFrameoptionsHeader(response, config);
    SetXContentTypeOptionsHeader(response, config);
    SetXDownloadOptionsHeader(response, config);
}
/// <summary>
/// Resolves the CSP configuration for a request, either the enforced policy or the
/// report-only policy.
/// </summary>
/// <remarks>
/// For the enforced policy, a non-null <c>Csp</c> on the NWebsec OWIN context replaces
/// the NWebsec context's value entirely; the two are never merged. The report-only case
/// is delegated to <c>GetCspReportonlyConfiguration</c>.
/// </remarks>
/// <param name="context">The HTTP context to read both NWebsec contexts from.</param>
/// <param name="reportOnly">True to resolve the report-only configuration.</param>
/// <returns>The resolved CSP configuration.</returns>
public ICspConfiguration GetCspConfiguration(HttpContextBase context, bool reportOnly)
{
    if (!reportOnly)
    {
        var owin = context.GetNWebsecOwinContext();

        // No OWIN context, or no CSP configured there: fall back to the NWebsec context.
        if (owin == null || owin.Csp == null)
        {
            return context.GetNWebsecContext().Csp;
        }

        return owin.Csp;
    }

    return GetCspReportonlyConfiguration(context);
}
/// <summary>
/// Returns the per-request CSP override (enforced or report-only), optionally creating
/// it when none has been stored yet.
/// </summary>
/// <remarks>
/// The overrides are read from the NWebsec OWIN context when one exists, otherwise from
/// the NWebsec context. Unlike the Get*Configuration resolvers in this class, the context
/// is chosen as a whole rather than per setting.
/// </remarks>
/// <param name="httpContext">The HTTP context to read the NWebsec contexts from.</param>
/// <param name="reportOnly">True to address the report-only override, false for the enforced one.</param>
/// <param name="allowNull">
/// True to return whatever is stored, possibly null. False to create a new
/// <see cref="CspOverrideConfiguration"/> and store it on the overrides when the slot is empty.
/// </param>
/// <returns>The stored override cast to <see cref="CspOverrideConfiguration"/>, or null.</returns>
public CspOverrideConfiguration GetCspConfigurationOverride(HttpContextBase httpContext, bool reportOnly, bool allowNull)
{
    var overrides = GetConfigOverrides(httpContext.GetNWebsecOwinContext() ?? httpContext.GetNWebsecContext());

    // NOTE(review): the "as" casts below yield null when a stored override is not a
    // CspOverrideConfiguration, even with allowNull == false. The declared type of the
    // override properties is not visible here - confirm callers cannot hit that case.
    if (reportOnly)
    {
        if (!allowNull && overrides.CspReportOnlyOverride == null)
        {
            // Side effect: the new override is stored for later calls in this request.
            overrides.CspReportOnlyOverride = new CspOverrideConfiguration();
        }

        return overrides.CspReportOnlyOverride as CspOverrideConfiguration;
    }

    if (!allowNull && overrides.CspOverride == null)
    {
        // Side effect: the new override is stored for later calls in this request.
        overrides.CspOverride = new CspOverrideConfiguration();
    }

    return overrides.CspOverride as CspOverrideConfiguration;
}